* Iptables special config
@ 2009-03-11 18:09 Vitor António das Neves Pinto
  0 siblings, 0 replies; 3+ messages in thread
From: Vitor António das Neves Pinto @ 2009-03-11 18:09 UTC (permalink / raw)
  To: netfilter

Dear all,

I have a question regarding a special configuration with 
iptables, I hope you can help me:
- Behind the NAT there’s a terminal with IP1 that sends a 
UDP packet to a host outside the NAT with IP2 (Source 
port=1033 Dport= 123)
- The response to this packet (due to load balancing 
issues) comes from a machine outside the NAT with IP3 (not 
from IP2!!) with Source port=123 Dport=1033

Since iptables is configured as a port restricted NAT the 
response packet is dropped not reaching terminal with IP1… 
Any idea how to make the packet reach the terminal with 
IP1?
I know that with a full cone nat this wouldn’t happen…

Best regards,
Vitor Pinto


* Iptables special config
@ 2009-03-12 11:32 Vitor António das Neves Pinto
  2009-03-12 14:41 ` Покотиленко Костик
  0 siblings, 1 reply; 3+ messages in thread
From: Vitor António das Neves Pinto @ 2009-03-12 11:32 UTC (permalink / raw)
  To: netfilter

Dear all,

I have a question regarding a special configuration with 
iptables, I hope you can help me:
- Behind the NAT there’s a terminal with IP1 that sends a 
UDP packet to a host outside the NAT with IP2 (Source 
port=1033 Dport= 123)
- The response to this packet (due to load balancing 
issues) comes from a machine outside the NAT with IP3 (not 
from IP2!!) with Source port=123 Dport=1033

Since iptables is configured as a port restricted NAT the 
response packet is dropped not reaching terminal with IP1… 
Any idea how to make the packet reach the terminal with 
IP1?
I know that with a full cone nat this wouldn’t happen…

Best regards,
Vitor Pinto


* Re: Iptables special config
  2009-03-12 11:32 Iptables special config Vitor António das Neves Pinto
@ 2009-03-12 14:41 ` Покотиленко Костик
  0 siblings, 0 replies; 3+ messages in thread
From: Покотиленко Костик @ 2009-03-12 14:41 UTC (permalink / raw)
  To: Vitor António das Neves Pinto; +Cc: netfilter

On Thu, 12/03/2009 at 11:32 +0000, Vitor António das Neves Pinto wrote:
> Dear all,
> 
> I have a question regarding a special configuration with 
> iptables, I hope you can help me:
> - Behind the NAT there’s a terminal with IP1 that sends a 
> UDP packet to a host outside the NAT with IP2 (Source 
> port=1033 Dport= 123)
> - The response to this packet (due to load balancing 
> issues) comes from a machine outside the NAT with IP3 (not 
> from IP2!!) with Source port=123 Dport=1033
> 
> Since iptables is configured as a port restricted NAT the 
> response packet is dropped not reaching terminal with IP1… 
> Any idea how to make the packet reach the terminal with 
> IP1?
> I know that with a full cone nat this wouldn’t happen…

On the machine with IP3, try to do SNAT to IP2 for those packets. This should
fix your problem.

-- 
Покотиленко Костик <casper@meteor.dp.ua>
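
The drop described in the question and the effect of the suggested source rewrite, as an added example that is not part of the original thread: a simplified model of how a NAT filters inbound UDP by the flow it recorded on the way out. The addresses are constructed stand-ins for IP1, IP2 and IP3, the mode names and helper functions are hypothetical, and the NAT is assumed to keep source port 1033 unchanged.

```python
from dataclasses import dataclass, field

# Constructed documentation addresses standing in for the thread's IP1, IP2, IP3.
IP1, IP2, IP3 = "192.168.0.10", "198.51.100.2", "198.51.100.3"

@dataclass
class Nat:
    """Records outbound UDP flows and filters inbound packets by NAT type."""
    mode: str  # "full_cone", "addr_restricted" or "port_restricted" (labels chosen here)
    flows: list = field(default_factory=list)

    def outbound(self, src, sport, dst, dport):
        # Assumption: the external port equals the internal source port.
        self.flows.append((src, sport, dst, dport))

    def inbound(self, src, sport, dport):
        """Return the internal host the packet is forwarded to, or None if dropped."""
        for in_ip, in_port, peer_ip, peer_port in self.flows:
            if dport != in_port:
                continue
            # Full cone: any external sender may reach the mapped port.
            if self.mode == "full_cone":
                return in_ip
            # Address restricted: sender address must match the original destination.
            if self.mode == "addr_restricted" and src == peer_ip:
                return in_ip
            # Port restricted: sender address and port must both match.
            if self.mode == "port_restricted" and (src, sport) == (peer_ip, peer_port):
                return in_ip
        return None

def snat(packet, to_source):
    """Model of source rewriting on the sender: only the source address changes."""
    _src, sport, dport = packet
    return (to_source, sport, dport)

def deliver(mode, reply):
    """IP1:1033 sends to IP2:123, then `reply` (src, sport, dport) arrives at the NAT."""
    nat = Nat(mode)
    nat.outbound(IP1, 1033, IP2, 123)
    return nat.inbound(*reply)

if __name__ == "__main__":
    reply_from_ip3 = (IP3, 123, 1033)
    for mode in ("full_cone", "addr_restricted", "port_restricted"):
        print(mode, "raw:", deliver(mode, reply_from_ip3),
              "rewritten:", deliver(mode, snat(reply_from_ip3, IP2)))
```

Only the full cone mode forwards the unmodified reply from IP3, and it does so for any external sender that targets port 1033, which is the exposure the stricter modes remove.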

